General
-
Target
c3aa936e5f2308817de822e05eec54912054abf93d19119961fc0f7a75760ca5
-
Size
335KB
-
Sample
230201-p22k6sdb89
-
MD5
7ab35db90db9eb1afafa36bc46ae0b54
-
SHA1
243facaee51ea713bad653884edb97a24ffea5fa
-
SHA256
c3aa936e5f2308817de822e05eec54912054abf93d19119961fc0f7a75760ca5
-
SHA512
bb4b03d053b79f4388723e5720b197ecdd962de62c8f92b58766c299fe8b350859259ba8e5e17c044b345b9af916cee6f795b8f6ffdb3e2b7de4a5875e8c0887
-
SSDEEP
3072:o6QGimRqvrjZDLlmWJQ5Bk0Upk/9B7UJr/m+V9JSDDFra+RtsFvs6j9n1LrmhIqS:o6Qdjj9LlmIxiVBymqJIDFrNWFKR3M
Malware Config
Extracted
redline
fredy
62.204.41.170:4132
-
auth_value
880249eef9593d49a1a3cddf57c5cb35
Targets
-
-
Target
c3aa936e5f2308817de822e05eec54912054abf93d19119961fc0f7a75760ca5
-
Size
335KB
-
MD5
7ab35db90db9eb1afafa36bc46ae0b54
-
SHA1
243facaee51ea713bad653884edb97a24ffea5fa
-
SHA256
c3aa936e5f2308817de822e05eec54912054abf93d19119961fc0f7a75760ca5
-
SHA512
bb4b03d053b79f4388723e5720b197ecdd962de62c8f92b58766c299fe8b350859259ba8e5e17c044b345b9af916cee6f795b8f6ffdb3e2b7de4a5875e8c0887
-
SSDEEP
3072:o6QGimRqvrjZDLlmWJQ5Bk0Upk/9B7UJr/m+V9JSDDFra+RtsFvs6j9n1LrmhIqS:o6Qdjj9LlmIxiVBymqJIDFrNWFKR3M
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-